Month: August 2024
Privacy What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance? 12 Aug 2024 • , 3 min. read In today’s digital age, geolocation features in many apps offer undeniable convenience. Just before writing this blog, I needed to locate some materials for…
Read MoreAug 13, 2024Ravie LakshmananHealthcare / Vulnerability Cybersecurity researchers have discovered two security flaws in Microsoft’s Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data. The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the…
Read MoreLearn why the broad use of gen AI copilots will inevitably increase data breaches This scenario is becoming increasingly common in the gen AI era: a competitor somehow gains access to sensitive account information and uses that data to target the organization’s customers with ad campaigns. The organization had no idea how the data was obtained.…
Read MoreArctiq, Aviatrix, Optiv, AWS, Salesforce and OpenText were among the tech companies making key executive hires and moves in July 2024. A new chief revenue officer at Arctiq. A new chief technology officer at Aviatrix. And a new senior vice president of partners, alliances and ecosystems at Optiv. Chris McMillen, formerly of Ahead; Anirban Sengupta,…
Read MoreAug 13, 2024Ravie LakshmananVulnerability / Hardware Security A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head’s XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It…
Read MoreBelarusian-Ukrainian national Maksim Silnikau was arrested in Spain and extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and for running a malvertising operation from 2013 to 2022. The threat actor operated under the aliases “J.P. Morgan,” “xxx,” and “lansky” on Russian-speaking hacking forum, where he allegedly promoted the cybercrime operations.…
Read MoreTenable®, the exposure management company, today announced that it has named Shai Morag to the role of chief product officer. Morag will focus on delivering increased momentum and scale across Tenable’s entire portfolio, driving the company’s next era of growth by building security products for a cloud-first world. Morag joined Tenable in 2023 through the…
Read MoreTenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources. The Azure Health Bot Service is a cloud platform that allows healthcare professionals to deploy AI-powered virtual health assistants. Tenable Research discovered critical vulnerabilities that allowed access to cross-tenant resources…
Read MoreNascent yet prominent group With activities traceable to August 2023, the group quickly grew fame as a formidable threat agency and made a dark web entry in February 2024, advertising leaked data on recently disrupted BreachForums and other leak sites. The group, the FBI pointed out, had claimed many victims internationally which included 43 companies…
Read MoreAug 13, 2024The Hacker NewsCyber Defense / Compliance Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized.…
Read MoreRecent Posts
- Fake Job Ads and Fake Identities: How North Korea Gets Its Hands on Our Data
- Test
- Critical Patches Issued for Microsoft Products, November 12, 2024
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution